I’m not sure what you mean by IPV6. I don’t use it. All devices in the house (except the servers) use the Pi-hole address for DNS. For iPad/iPhone you have to set the DNS manually from the WiFi tab of your settings. Tap the little blue i with a circle around it and then tap on the Configure DNS. Don’t use a second DNS address thinking you will need it when you leave the house. Each WiFi you join will have its own DNS server supplied from the network’s router.
Questions concerning [How To] Install Pi-Hole in Docker
-
-
Unfortunately I still don't get unbound to work after I changed the DNS in my iOS devices to the pi hole address.
I configured unbound & pi-hole as described through the following guides from crashtest:
[How To] Install Pi-Hole in Docker: Update 02/25/19 - Adding Unbound, a Recursive DNS Server
My current pi-hole DNS setup:
If I activate OpenDNS and Cloudflare as DNS upstream server, Pi-hole will work without any problems.
My unbound config file looks like the following:
Code
server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # May be set to yes if you have IPv6 connectivity
    do-ip6: no
    # Use this only when you downloaded the list of primary root servers!
    root-hints: "/var/lib/unbound/root.hints"
    # Trust glue only if it is within the servers authority
    harden-glue: yes
    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes
    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no
    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472
    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes
    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
    num-threads: 1
    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m
    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
What I really don't understand is that the clients have internet access but I can't load any page through Safari. But Telegram for example is able to send out text messages.
Would be real cool to get that to work. Think there is still some minor changes missing. But I am really at the point where I tried everything out and don't know what else to do?!
-
The custom DNS looks wrong, the # should be a :
-
If I change it from # to : I get the following feedback from pi hole:
IP (192.168.178.82:53) is invalid!
No DNS server has been selected.
The settings have been reset to their previous values
-
If I change it from # to : I get the following feedback from pi hole:
Sorry yes, been a long time since I tested this, but going back through the thread one of @Agricola's images shows #5353. I looked at the original Pi-hole docs here for unbound; it states the port as 5353. TBH I haven't read all the way through this thread, just picking up the last two pages.
-
That's correct but in the How-Tos from crashtest it is recommended to use port 53 instead of 5353 to prevent a potential issue when updating the OMV host.
So assuming Agricola right now using port 53 too?!
-
Unfortunately I still don't get unbound to work after I changed the DNS in my iOS devices to the pi hole address.
Are you adding just the IP address or <ip address>#53?
-
Just the ip address of the pi hole.
OMV ip address#53 is only used in pi hole to use unbound as upstream server. So that combination doesn't make sense for me?!
-
Just the ip address of the pi hole.
Do you have the domain search option set? TBH this is one of the reasons I now have Pi-hole running on a Pi and a router that will allow me to add Pi-hole's address and disable the router's DNS. The only other option I can think of is that the DNS cache needs to be flushed on the iOS device.
-
domain search option?
Where can I set this option?
-
domain search option?
When you go into Configure DNS there is an option search domains I have this set to my omv domain System -> Domain name which is also the same in SMB/CIFS
-
Just the ip address of the pi hole.
OMV ip address#53 is only used in pi hole to use unbound as upstream server. So that combination doesn't make sense for me?!
Did you do the dig tests at the end of Unbound's configuration? One should have failed, the other should have worked.
I.E.
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53
dig sigok.verteiltesysteme.net @127.0.0.1 -p 53
In the above the first command fails. The second produces an IP address. This confirms that unbound is working.
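Added example, not part of the original post: a small shell helper that reads the two dig outputs from the test above and reports whether the resolver is actually validating DNSSEC (sigfail rejected with SERVFAIL, sigok answered with NOERROR and the `ad` flag). The function names and the third, constructed sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): interpret the sigfail/sigok dig pair.

# Print the response code (NOERROR, SERVFAIL, ...) from dig output in $1.
dig_status() {
    printf '%s\n' "$1" |
        sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the header flags in $1 include "ad" (Authenticated Data).
dig_has_ad() {
    printf '%s\n' "$1" |
        sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1 | grep -qw ad
}

# $1 = dig output for sigfail, $2 = dig output for sigok.
dnssec_verdict() {
    fail_status=$(dig_status "$1")
    ok_status=$(dig_status "$2")
    if [ "$fail_status" = SERVFAIL ] && [ "$ok_status" = NOERROR ] && dig_has_ad "$2"; then
        echo validating          # bad signature rejected, good one authenticated
    elif [ "$fail_status" = NOERROR ] && [ "$ok_status" = NOERROR ]; then
        echo not-validating      # bad signature was accepted
    else
        echo inconclusive        # e.g. both SERVFAIL: resolver cannot reach upstream
    fi
}

# Header lines trimmed from the dig output posted in this thread.
SAMPLE_SIGFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27384
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_SIGOK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8034
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5'
# Constructed: what a non-validating resolver returns for sigfail.
SAMPLE_SIGFAIL_NOVAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

dnssec_verdict "$SAMPLE_SIGFAIL" "$SAMPLE_SIGOK"
dnssec_verdict "$SAMPLE_SIGFAIL_NOVAL" "$SAMPLE_SIGOK"

# Live use on the unbound host:
#   dnssec_verdict "$(dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53)" \
#                  "$(dig sigok.verteiltesysteme.net @127.0.0.1 -p 53)"
```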
-
When you go into Configure DNS there is an option search domains I have this set to my omv domain System -> Domain name which is also the same in SMB/CIFS
Configure DNS in the pi hole settings? Sorry, still don't know how to change that option.
Did you do the dig tests at the end of Unbound's configuration? One should have failed, the other should have worked.
I.E.
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53
dig sigok.verteiltesysteme.net @127.0.0.1 -p 53
In the above the first command fails. The second produces an IP address. This confirms that unbound is working.
Yes, I have done that and seemed for me that unbound works in background.
But please have a view on the result on your own:
Code
root@Netzwerkspeicher:~# dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53
; <<>> DiG 9.10.3-P4-Debian <<>> sigfail.verteiltesysteme.net @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27384
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigfail.verteiltesysteme.net. IN A
;; Query time: 313 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 03 13:59:13 CET 2019
;; MSG SIZE rcvd: 57

root@Netzwerkspeicher:~# dig sigok.verteiltesysteme.net @127.0.0.1 -p 53
; <<>> DiG 9.10.3-P4-Debian <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8034
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigok.verteiltesysteme.net. IN A
;; ANSWER SECTION:
sigok.verteiltesysteme.net. 60 IN A 134.91.78.139
;; AUTHORITY SECTION:
verteiltesysteme.net. 3600 IN NS ns1.verteiltesysteme.net.
verteiltesysteme.net. 3600 IN NS ns2.verteiltesysteme.net.
;; ADDITIONAL SECTION:
ns1.verteiltesysteme.net. 3556 IN A 134.91.78.139
ns2.verteiltesysteme.net. 3556 IN A 134.91.78.141
ns1.verteiltesysteme.net. 3556 IN AAAA 2001:638:501:8efc::139
ns2.verteiltesysteme.net. 3556 IN AAAA 2001:638:501:8efc::141
;; Query time: 34 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 03 13:59:57 CET 2019
;; MSG SIZE rcvd: 195
When I am watching at my pi hole dashboard I am wondering that a part of the queries are already answered through unbound (192.168.178.82). But some still go through other DNS servers:
-
Configure DNS in the pi hole settings?
No, on your iOS be it an iPhone or iPad
-
@ChrisBuzz following are the results from the tests:
root@OMV-Server:~# dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53
; <<>> DiG 9.10.3-P4-Debian <<>> sigfail.verteiltesysteme.net @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63400
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigfail.verteiltesysteme.net. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 03 15:43:20 EST 2019
;; MSG SIZE rcvd: 57
________________________________________________________
root@OMV-Server:~# dig sigok.verteiltesysteme.net @127.0.0.1 -p 53
; <<>> DiG 9.10.3-P4-Debian <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6304
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigok.verteiltesysteme.net. IN A
;; ANSWER SECTION:
sigok.verteiltesysteme.net. 3600 IN A 134.91.78.139
;; AUTHORITY SECTION:
verteiltesysteme.net. 3216 IN NS ns2.verteiltesysteme.net.
verteiltesysteme.net. 3216 IN NS ns1.verteiltesysteme.net.
;; ADDITIONAL SECTION:
ns1.verteiltesysteme.net. 3216 IN A 134.91.78.139
ns2.verteiltesysteme.net. 3216 IN A 134.91.78.141
ns1.verteiltesysteme.net. 3216 IN AAAA 2001:638:501:8efc::139
ns2.verteiltesysteme.net. 3216 IN AAAA 2001:638:501:8efc::141
;; Query time: 136 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 03 15:49:36 EST 2019
;; MSG SIZE rcvd: 195
root@OMV-Server:~#
_________________________________________________
Here's the config file I'm using on the OMV server host, located at /etc/unbound/unbound.conf.d/pi-hole.conf
server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # May be set to yes if you have IPv6 connectivity
    do-ip6: no
    # Use this only when you downloaded the list of primary root servers!
    root-hints: "/var/lib/unbound/root.hints"
    # Trust glue only if it is within the servers authority
    harden-glue: yes
    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes
    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/…by-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no
    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472
    # TTL bounds for cache
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes
    # One thread should be sufficient, can be increased on beefy machines
    num-threads: 1
    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m
    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
______________________________________________________________________
In my setup, I direct all clients to my router, which forwards to pi-hole (running in a docker), which forwards to unbound which is running in a direct install on my OMV server.
The above also works for DHCP clients - they'll pickup the router's DNS server setting.
As has been mentioned, only one DNS address (Pi-hole's address) can be used at the router or, under certain circumstances, Pi-hole can be bypassed. If there's more than one entry to fill, any DNS entry at the router should be Pi-hole's address.
With that said, as I remember, one user had an Apple router that seemingly ignored the DNS setting and used the ISP's DNS server anyway. All I can say to that is, buy another router that does what you configure it to do. If equipment ignores your settings, nothing can be done about that.
To stop IPv6 leaks (advertisers are using IPv6 to bypass firewalls and DNS blockers like Pi-hole), add the following line to Pi-hole's config file.
AAAA_QUERY_ANALYSIS=no
(How to do that, with Pi-hole running in a Docker, is in the Pi-hole How-To.)
-
In my setup, I direct all clients to my router, which forwards to pi-hole (running in a docker), which forwards to unbound which is running in a direct install on my OMV server.
The above also works for DHCP clients - they'll pickup the router's DNS server setting.
As has been mentioned, only one DNS address (Pi-hole's address) can be used at the router or, under certain circumstances, Pi-hole can be bypassed. If there's more than one entry to fill, any DNS entry at the router should be Pi-hole's address.
With that said, as I remember, one user had an Apple router that seemingly ignored the DNS setting and used the ISP's DNS server anyway. All I can say to that is, buy another router that does what you configure it to do. If equipment ignores your settings, nothing can be done about that.
To stop IPv6 leaks (advertisers are using IPv6 to bypass firewalls and DNS blockers like Pi-hole), add the following line to Pi-hole's config file.
AAAA_QUERY_ANALYSIS=no
(How to do that, with Pi-hole running in a Docker, is in the Pi-hole How-To.)
I have a very similar set-up, the only real difference is that I have two Unbounds, each running in a Docker container. And I concur, if equipment ignores your settings, replace it. You are the master of your home network, not your ISP.
-
Any ideas why my pi-hole docker container can't ping the OMV host (Raspberry Pi 4 w/ unbound local install)? I've followed the guide closely. Other devices on the network can ping both the Pi-Hole container and OMV as well as utilise unbound via dig @<OMV-host address> but ping <OMV-host address> fails inside the Pihole container.
-
Hi,
I'm trying to set up PiHole to use as a pxe/dhcp server.
I don't need it to block ads.
Is the MacVlan required for this?
-
I'm trying to set up PiHole to use as a pxe/dhcp server.
I don't need it to block ads.
Is the MacVlan required for this?
No. The MacVlan is to give Pi-hole exclusive access to ports 80 and 443, on another IP address, to enable Pi-hole's ability to do full page blocks. If you don't care about blocking, you could use bridged mode and redirect Pi-hole's ports 80 and 443 to other ports that won't conflict with OMV.
BTW: I just started using pi-holes DHCP function. It works well. It's a shame I didn't test it sooner.
-
I made several attempts with installed PiHole, but it failed.
Some crap permissions issue that I can't figure it out.